Block dictionary attackers?

René Berber r.berber at
Sun Nov 19 07:06:16 GMT 2006

Res wrote:

> On Sat, 18 Nov 2006, Furnish, Trever G wrote:
>> By "dictionary attackers" I mean a connecting server that attempts
>> delivery to more than X invalid local recipients within a given
>> timeframe, which is almost always evidence that the connecting server is
> define(`confBAD_RCPT_THROTTLE',`2')dnl
> I figure if they can't get it right in 2 attempts then they can go away

They won't go away with throttle, it just puts a 1 second delay between tries.

What I use is milter-error, after 3 strikes they are blocked... but it has to be
3 different messages and each usually has several recipients, so they really try
about a dozen before getting blocked.  And their program is so dumb that they
keep trying, so your log now has "rejecting commands" over and over, at least
they can't test their list of addresses.
René Berber

More information about the MailScanner mailing list